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Abstract — Mobile Ad Hoc Network (MANET) is one kind of new wireless network 
structures which is also known as infrastructure less network. Unlike devices in traditional 
wireless LAN solution, all nodes are movable and the topology of the network is changing 
dynamically in an Ad Hoc Network, which brings great challenges to the security of Mobile 
Ad Hoc Networks. MANET is particularly vulnerable to various types of security attacks 
due to its fundamental characteristics e.g. the lack of centralized monitoring, dynamic 
network topology, open medium, autonomous terminal and management. As a result, 
attackers can take advantage of flaws in routing protocols to carry out various attacks. The 
black hole attack is one of such security issue in MANET. It could disturb the routing 
protocol and bring about huge damage to the network's topology. In this attack, a malicious 
node gives false information of having shortest route to the destination node so as to get all 
data packets and drops it. In this paper, we propose an algorithm which mitigates the 
impact of black hole attack in AOD V routing. 

Index Terms— AODV, Blackhole attack, Anti Near Blackhole-AODV (ANB-AODV), Anti 
Far Blackhole-AODV (AFB-AOD V) 



I. Introduction 

Mobile Ad Hoc Network (MANET) is a collection of infrastructure less nodes that cooperates with each 
other to make temporary network. It consists of a collection of wireless mobile nodes that have capability to 
communicate with each other without the use of network infrastructure or any centralized administration. 
Also security is important to provide protected communication between nodes in a potentially hostile 
environment. Although security has long been an active research topic in wireless networks, the unique 
characteristics of MANETs present a new set of challenges to security design. These challenges include 
shared wireless medium, highly dynamic network topology, open network architecture and stringent resource 
constraints. Consequently, the existing security solutions for wired networks do not directly apply to the 
MANET domain. Routing protocol in MANET is divided into two main categories, one is proactive and 
other is reactive. In proactive routing protocols, routing information of nodes is exchanged, periodically, such 
as DSDV. In on-demand routing protocols, route is established and nodes exchange routing information 
when needed such as AODV [1]. Furthermore, some ad-hoc routing protocols are a combination of above 
categories which are called as hybrid routing protocols. 

II. Overview Of Aodv 

The Ad Hoc On-Demand Distance Vector (AODV) is routing protocol for mobile adhoc network and is an 
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adaptation of the DSDV protocol used in wired network for dynamic link conditions [1] [2] [3]. The AODV is 
based on-demand approach for finding route i.e. a route is established only when it is required by a source 
node for sending data packets and hence it is also known as reactive protocol. In order to identify the most 
recent path for communication, it uses high destination sequence numbers. Every node in an Ad-hoc network 
keeps a routing table, in which there is information about the path or route to a particular destination. 
Whenever a node wants to send data packet, it first checks its routing table to check whether a route to the 
destination is already exist. If so, it uses that path to send the packets to the destination. If a path is not 
available or the previously entered path is inactivated, then the node starts a route discovery process. In route 
discovery process before the actual transmission of data packets, RREQ (Route REQuest) packet is 
broadcasted by the source node. Every node in the network that receives the RREQ packet first checks 
whether it is the destination for that packet and if so, it sends back an RREP (Route REPly) packet via 
reverse path. If it is not the destination, then it checks with its routing table to determine whether it has fresh 
route to the destination. If not, it broadcast RREQ packet to all its neighbours. If its routing table does contain 
an entry to the destination, then the comparison is done between destination sequence numbers in its routing 
table with the destination sequence number contained in the RREQ packet. This Destination Sequence 
number is the sequence number of the last sent packet from the destination to the source. If the destination 
sequence number present in the routing table is lesser than or equal to the one contained in the RREP packet, 
then the node update its routing table. If the destination sequence number in the routing table is higher than 
the destination sequence number contained in the RREP packet, it means that the route is a fresh route and 
packets can be sent via this route. This intermediate node then sends a RREP packet to the node through 
which it received the RREQ packet. The RREP packet is sent back to the source node through the reverse 
route. The source node then updates its routing table and sends its packet through this route. During the 
communication, if any node identifies a link breakage it sends a RERR (Route ERRor) packet to all other 
nodes that uses this link for their communication to other nodes. Since there is no security mechanism in 
AODV protocol, malicious nodes can perform many attacks in network by not following according to AODV 
rules. A malicious node can carry out many attacks against AODV like blackhole, wormhole, sinkhole, sybil 
attack etc. 



III. Blackhole Attack 

A Black Hole attack [4] is a denial of service type of attack where a malicious node gives false information 
of having shortest route to the destination in order to get all the data packets and drop it. In blackhole attack, 
once malicious node receives request (RREQ) packet, it sends back reply (RREP) packet which contain very 
high destination sequence due to which the source node consider it as a fresh route and start sending data 
packet via the path from which reply packet came. In the following Fig. 1, imagine a malicious node M. 
When node S broadcasts a RREQ packet in order to communicate with destination node, then other 
neighbour node receives it. Node M, being a malicious node, does not check up with its routing table for the 
requested route to node D. Hence, it immediately sends back a RREP packet, claiming of having shortest 
path to the destination. Node S receives the RREP from M immediately and assumes that the route through 
M is the shortest route as well as fresh route and thereby starts sending data packets to the destination 
through this path. When the node S sends data packet to M, it absorbs all the data and drop the packets thus 
behaving like a Black hole. 




RREQ (Request Packet) p. 

REPP (Reply Packet) 

Figure 1. Black hole Attack in AODV 
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iv. Related Work 



H. Deng, W. Li, and D.P. Agrawal [4] proposed a protocol that needs the intermediate nodes to send RREP 
message along with next hop information. Once the source node gets this information, it sends a request 
(RREQ) packet to following hop to verify that the target node (i.e. the node that simply sent back the RREP 
packet) has a route to the intermediate node and to the destination. Once next hop receives an 
Further Request, it sends a Further Reply which has the check result to the source node. Based on 
information contained in reply packet the source node checks the validity of the route. In this protocol, the 
RREP packet is modified to contain the knowledge regarding next hop. On receiving RREP, the source 
node send RREQ to the node specified as next hop within the received RREP.B. Sun, Y. Guan, J. Chen and 
U. Pooch [5] use AODV as their routing protocol and simulation is done in ns2 simulator. The detection 
scheme used neighbourhood-based method to detect the black hole attack and then present a routing recovery 
protocol to build the true path to the destination. Based on the information about neighbour set, a solution is 
designed to deal with the black hole attack, which comprised of two parts. The first one is detection and 
second is response. In detection part, there are two steps. In first step there is collection of information about 
neighbour set and in second step it determines whether there exists a black hole attack. In Response 
mechanism, source node sends to destination node a modify-Route-Entry (MRE) control packet to form a 
correct path through modifying the route entries of the intermediate nodes from source to destination. S. 
Ramaswamy, H. Furong, M. Sreekantaradhya, J. Dixon and K. Nygard presented an algorithm in [6] which 
claims to prevent the cooperative black hole attacks in ad-hoc network. In this algorithm each node maintains 
an additional Data Routing Information (DRI) table. Moreover, the solution takes more time to complete in 
the case when the network in not under the attack. This algorithm is based on a trust relationship between the 
nodes, and hence it cannot able to tackle gray hole attacks.M. Al-Shurman, S-M. Yoo and S. Park [7] 
proposed two different approaches to solve the black hole attack. In the first solution the sender node must 
verify the genuineness of the node that initiates the RREP packet by utilizing the redundancy of the network. 
The main idea of this approach is to find more than one path for the destination. The disadvantage of this 
technique is the time delay. In the second approach it needs to store the sequence number of last sent packet 
and the sequence number of last received packet in the table and it is updated only when any packet is 
transmitted or arrived. When node receives reply from another node it checks the sequence number of the last 
sent and received packet. If there exists any mismatching then an alarm indicates the existence of a black 
hole node. This solution has no overhead and is faster as well as more reliable. Tamilselvan and Dr.V. 
Sankaranarayanan [8] proposed a solution to prevent blackhole attack in which the requesting node does not 
send data packets immediately after receiving first reply from neighbouring node rather it waits for other 
replies with next hop details from the other neighboring nodes for some duration of time value. After expiry 
of time value, it then first checks in the Collect Route Reply Table for the presence of any repeated next-hop- 
node. If there is any repeated next-hop-node in the reply paths, it assumes that the paths are safe or the 
chance of malicious paths is reduced. H.Weerasinghe and H. Fu [9] proposed a solution in which the 
intermediate node sends reply (RREP) packet which contains the knowledge or data about the next hop to 
destination when it receives a request (RREQ) packet. After that the source node sends a further request 
(FREQ) packet to next hop of replied node and asks regarding replied node and route to the destination. 
Through this technique, it is able to determine the trustiness of the replied node only if the next hop is 
reliable. However, this methodology is not able to prevent cooperative black hole attack on MANETs. L. 
Tamilselvan and Dr. V. Sankaranarayanan [10] also proposed an enhanced AODV routing protocol, known as 
PCBHA (Prevention of a Co-operative Black Hole Attack) for prevention of cooperative black hole attack. In 
this technique, it provides every node with a default fidelity level, and once broadcasting of RREQ packet is 
done, a source node waits for RREPs packet coming from the other neighbouring nodes, and then it chooses a 
neighbouring node of a higher fidelity level that exceeds the threshold value for passing the data packets. 
After receiving data packet, the destination node sends ACK message and upon receipt of an ACK response, 
the source node may add 1 to the fidelity level of the neighbouring node. If no ACK response is 
received, 1 is deducted from the fidelity level that indicates a potential malicious node on this route due to 
which data packets are dropped before reaching the destination node. M. Medadian , A. Mebadi, E. Shahri 
[11] have proposed an approach to mitigate the impact of black hole attack through the judgment process by 
using honesty of nodes. The honesty of any node is derived from the opinions of neighbor nodes of a node in 
a network. A node should show its honesty in order to transfer the data packets. If a node is the first receiver 
of a RREP packet, it forwards packets to source and initiates judgment process on about replier. The 
judgment process is dependent upon the opinion of network's nodes regarding replier. These neighbors are 
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requested to send their opinion about a node. When a node gathers all opinions of neighbors, it makes 
decision whether the replier is a malicious node or not based on number rules. N. Mistry, D.C. Jinwala and 
M. Zaveri [12] proposed a solution for analyzing and improving the security of AODV routing protocol 
against black hole Attack. The approach basically modifies the working mechanism of source node only by 
using an additional function named as Pre ReceiveReply. A table CmgRREPTab, a variable Mali node 
and a new timer MOSWAITTIME are also added to the original standard AODV protocol. In the proposed 
solution, the source node waits for MOS WAIT TIME after receiving the first RREP and it collects all the 
replies within the Cmg RREP Tab table til MOS WAIT TIME. In this technique the value of 
MOS WAIT TIME is considered to be half the value of RREP WAIT TIME. Now, the source node will 
check the stored replies and will discard the reply having high destination sequence number. The node is 
considered as malicious node which has sent this RREP packet with high destination sequence number.. M.Y. 
Su [13] proposed the mechanism to detect and separate malicious nodes, which selectively perform black 
hole attacks by deploying IDSs in MANETs (mobile ad hoc networks). All IDS nodes perform an Anti -Black 
hole Mechanism (ABM), in which it estimates the suspicious value of a node, according to the amount of 
abnormal difference between RREQs and RREPs transmitted from the node. With the main condition that 
intermediate nodes are forbidden to reply to RREQs, if an intermediate node that has never broadcasts a 
RREQ for a specific route and is also not a destination, forwards a RREP for the route then its suspicious 
value will be augmented by 1 in the nearby IDS's SN (suspicious node) table. When the suspicious value of a 
node exceeds a threshold value, a block message is broadcasted by the detected IDS to all nodes on the 
network in order to cooperatively isolate the suspicious node. K. Liu and J. Deng [14] proposed a 2ACK 
scheme to detect and mitigate the effect of such routing misbehaviour. The 2ACK technique is based on a 
simple 2-hop acknowledgment packet that is sent back by the receiver of the next-hop link. When compared 
with other techniques to overcome the problem, such as the overhearing technique, the 2ACK scheme 
overcomes several problems including ambiguous collisions limited transmission powers and receiver 
collisions. S. Gurung ,Dr. K. K. Saluja and A. Kumar[15] proposed an approach for detection of blackhole 
attack in manet.The proposed method is based on conformation acknowledgment request (CARREQ) to 
check whether the destination has received dummy packet or not. In this technique, Reply table and Blacklist 
table are required for blackhole node detection. In this approach, the source node sends conformation 
acknowledgment request (CARREQ) via other path to destination node and if the destination sends back 
conformation acknowledgment reply (CARREP) then the intermediate node to which the source node 
initially send the dummy packet is trusted node otherwise it is considered as a malicious node. The drawback 
of this solution is time delay. In Table. I, the drawbacks of techniques have been highlighted [15] [16]. 



Table I. Drawbacks Of Techniques 



S.No. 


Methodology proposed By 


Attack 


Drawbacks 


1 


H. Deng , W. Li, and D.P. Agrawal [4] 


Single Blackhole 


Cannot prevent cooperative blackhole 
attack. 

Routing Overhead. 


2 


B. Sun, Y. Guan, J. Chen and U. Pooch [5] 


Single Blackhole 


Becomes useless when the attacker agrees 
to forge the fake reply packets. 


3 


S. Ramaswamy, H. Furong, M. Sreekantaradhya, J. 
Dixon and K. Nygard [6] 


Cooperative Blackhole 


Cannot tackle grayhole attack. 


4 


M. Al-Shurman , S. Yoo and S.Park [7] 


Single Blackhole 


Time Delay. 

Attacker can listen to the channel and 
update the tables for last sequence 
number. 


5 


L. Tamilselvan and Dr.V. Sankaranarayanan [8] 


Single Blackhole 


Time Delay. 

Finding repeated next hop is additional 
overhead. 


6 


H. Weerasinghe, H. Fu [9] 


Cooperative Blackhole 


5-8% more communication overhead of 
route request. 


7 


L. Tamilselvan and Dr.V. Sankaranarayanan [10] 


Cooperative Blackhole 


Time Delay. 


8 


M. Medadian , A. Mebadi, E. Shahri [11] 


Cooperative Blackhole 


Opinion of neighbour may not be always 
correct. 


9 


N. Mistry , D.C. Jinwala and M. Zaveri [12] 


Single Blackhole 


Time Delay. 

Failed to detect cooperative blackhole 
attack. 


10 


M.Y. Su[13] 


Multiple Blackhole 


Time Delay. 


11 


S. Gurung ,Dr. K. K. Saluja and A. Kumar[15] 


Single Blackhole 


Time Delay 
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V. Proposed Methodology 



In this section, we propose a solution to mitigate the impact of black hole attack in the network. Following is 
the diagram showing blackhole attack. 




A. Matrix Representation 

Table II. Truth Table Of Blackhole Node 



Figure No. 


Shortest route to Destination 


Malicious Node 


Packet Drop 


2 


T 


T 


T 


3 


F 


T 


T 



From the above Table. II, it is shown that if there is path between malicious node and destination as given in 
Fig. 2, which is of shortest path then the malicious node will drop the packet and if there is no path between 
them as depicted in Fig. 3 and it gives false statement of having shortest path to destination even then also it 
will drop the data packets. 

B. ANB-AODV: Anti Near Blackhole- AODV 

In order to mitigate the impact of blackhole attack in manet, AODV protocol has been slightly changed. In 
this approach, when sender broadcast the RREQ packet, it will wait for reply. The source node will get first 
reply from malicious node provided the malicious node is near to source node as shown in Fig. 4 and acquire 
the data packet and it will not forward the packet to the destination. In proposed methodology i.e. ANB- 
AODV (Anti Near Blackhole- AODV), the source node will accept the first reply coming from malicious 
node and start sending data packets. But after some time when the second reply comes from original 
destination, it will accept the second reply and start sending via this alternative path as shown in Fig. 5. 
Algorithm for ANB-AODV 

1. If Reply table is NULL 

2. Set count: =0 

3. Insert Destination node 

4. Else 

5. Set count: =count+l 

6. Update Route Table 




C AFB-AODV: Anti Far Blackhole-AODV 



In order to mitigate the impact of blackhole attack in MANET, AOD V protocol has been slightly changed. In 
this approach, when sender broadcast the RREQ packet, it will wait for reply. The source node will get first 
reply from destination original node provided the destination node is near to source node and malicious node 
is far away from source node as shown in Fig. 6. In proposed methodology i.e. AFB-AODV (Anti Far 
Blackhole-AODV), the source node will accept the first reply coming from original destination node and start 
sending data packets. But after some time when the second reply comes from malicious node, it will reject 
the second reply as shown in Fig. 7. 
Algorithm for AFB-AODV 

1. If Reply table is NULL 

2. Set count =0 

3. Insert Destination node 

4. Update Route Table 

5. Else 

6. Set count: =count+l and Drop Reply 



Figure 6. Accepting First Reply Figure 7. Rejecting second reply 




VI. Simulation Environment And Result 

A simulation model was developed using NS-2 (version 2.34) where the evaluation was done by analyzing 
the performance of network under without blackhole attack and with blackhole attack. Two scenarios are 
taken one is static in which no node is mobile and other one is mobility in which Random Waypoint mobility 
model is used. 

A. Static Scenario 
1 . ANB-AODV 

In this scenario, no node is movable that is these nodes are static and AODV routing protocol is used. When 
there is no malicious node then source node gets reply from destination node and starts transferring data 
packet thereby having packet delivery rato percentage upto 100 %. But when malicious node is present in the 
network it gives first reply to source node when source node broadcast the route request. Thus the source 
node will accept the first reply coming from malicious node thereby starts transferring data packets to this 
node due to which there is decrease in packet delivery ratio in AODV routing protocol. When ANB-AODV 
routing protocol is used it will reject the first reply coming from blackhole node and accept the second reply 
coming from original destination node thereby increasing the packet delivery ratio as shown in Fig. 8. 

120 




AODV BAODV ANB-AODV 

Routing Protocols 



Figure 8. PDR %age in presence of Blackhole Attack 
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2. AFB-AODV 

When there is no malicious node then source node gets reply from destination node and starts transferring 
data packet thereby having packet delivery ratio percentage upto 100 %. But when malicious node is present 
in the network, the source node gets second reply from malicious node after getting first reply from original 
destination node. Thus the source node will accept the second reply coming from original destination node 
thereby starts transferring data packets to this node due to which there is decrease in packet delivery ratio in 
AODV routing protocol. When AFB-AODV routing protocol is used it will reject the second reply coming 
from blackhole node and accept the first reply coming from original destination node thereby increasing the 
packet delivery ratio as shown in Fig. 9. 

120 




AODV BAGDV AFB-AODV 

Routing Protocols 

Figure 9. PDR %age in presence of Blackhole Attack 

B. Mobility Scenario 

In this scenario all nodes are movable. Fig. 10 is showing network without blackhole attack. The mobility 
model used in the network is Random Waypoint Mobility model. In mobility case, in each scenario the nodes 
are randomly positioned and moves with different speed as depicted Fig. 1 1 . 




Figure 10. Network without Blackhole Attack 




Figure 1 1 . Network with Blackhole Attack 
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Figure 12. Average Throughput in presence of Blackhole Attack 
From Fig. 12, it is clear that when there is no attack in network, the average throughput is high but when 
there is blackhole attack in the network this throughput goes down because of packet drop by blackhole node. 
The average throughput is very low in case of two blackhole node in the network as compared to one 
blackhole node which shows that increasing blackhole node results in decreasing the average throughput of 
the network. When ANB-AODV or AFB-AODV is used there is increase in the average throughput which 
improves the performance of network. 



-*-AODV 
-*-lBAODV 
* 2BAODV 
— ANB-AODV 
— AFBAOOV 



55 Average 




25 35 45 
Node Mobility Speed 



Figure 13. PDR %age in presence of Blackhole Attack 
From Fig. 13, it is clear that when there is no attack in network, the packet delivery ratio is high but when 
there is blackhole attack in the network this packet delivery ratio goes down low due to packet dropping by 
malicious node. The packet delivery ratio is very low in case of two blackhole node in the network as 
compared to one blackhole node which shows that increasing blackhole node results in decreasing the packet 
delivery ratio of the network. When ANB-AODV and AFB-AODV protocol is used, there is increase in the 
packet delivery ratio thereby improving the performance of network. 
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Figure 14. Packet Loss %age in presence of Blackhole 
From Fig. 14, it is clear that when there is no attack in network, the packet loss is low but when there is 
blackhole attack in the network this packet loss goes up because of packet dropping by malicious node. The 
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packet loss ratio is very high in case of two blackhole node in the network as compared to one blackhole 
node which shows that increasing blackhole node results in increasing the packet loss of the network. When 
ANB-AODV and AFB-AODV protocol is used then there is decrease in the packet loss thus improving the 
performance of network. 

VII. Conclusions 

Security is important in wireless Mobile Adhoc networks as they are prone to various network threats and 
vulnerable to various kinds of attacks like sinkhole, wormhole, rushing attack, Black Hole attack and so on. 
The performance of the proposed approach under Black Hole attack has been compared with AODV under 
Black Hole attack. The simulation results show that the proposed approach is effective in improving the 
performance of the network. As a future work, we intend to propose new algorithm for the detection and 
prevention of blackhole attack. 
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